{"id":1156,"date":"2015-01-28T12:14:40","date_gmt":"2015-01-28T01:14:40","guid":{"rendered":"http:\/\/howden.net.au\/thowden\/?p=1156"},"modified":"2015-01-28T12:14:40","modified_gmt":"2015-01-28T01:14:40","slug":"cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-issue","status":"publish","type":"post","link":"https:\/\/howden.net.au\/thowden\/2015\/01\/cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-issue\/","title":{"rendered":"CVE-2015-0235 Ghost glibc Debian Wheezy CentOS 5.11 6.6 gethost security issue"},"content":{"rendered":"<p>So another security issue on Linux.\u00a0 I have multiple servers to worry about and they are mostly based on two distributions of Debian and CentOS.<\/p>\n<p>Because it is a newly found vulnerability some mirror sites are not up to date so in trying to patch my servers I found the following to be helpful.<\/p>\n<p><strong>Debian<\/strong><\/p>\n<p>Check <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2015-0235\" target=\"_blank\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2015-0235<\/a> for the Debian versions that are affected.<\/p>\n<p>My Debian Wheezy servers showed:<\/p>\n<p>[code]$ ldd --version<br \/>\nldd (Debian EGLIBC 2.13-38+deb7u6) 2.13[\/code]<\/p>\n<p>or even older<\/p>\n<p>[code]$ ldd --version<br \/>\nldd (Debian EGLIBC 2.13-38+deb7u4) 2.13[\/code]<\/p>\n<p>so I ran the following on them<\/p>\n<p>[code]# apt-get update &amp;&amp; apt-get dist-upgrade[\/code]<\/p>\n<p>Watching and hitting the Y for yes when prompted. I could have used apt-get upgrade but I figured since I was doing upgrades I might as well do them completely. 
I like this post for a great explanation of the differences between the two options <a href=\"http:\/\/askubuntu.com\/questions\/194651\/why-use-apt-get-upgrade-instead-of-apt-get-dist-upgrade\" target=\"_blank\">http:\/\/askubuntu.com\/questions\/194651\/why-use-apt-get-upgrade-instead-of-apt-get-dist-upgrade<\/a>.<\/p>\n<p>and after the patching I get<\/p>\n<p>[code]# ldd --version<br \/>\nldd (Debian EGLIBC 2.13-38+deb7u7) 2.13[\/code]<\/p>\n<p>which tells me that I have the latest and should not be vulnerable.<\/p>\n<p><strong>CentOS<\/strong><\/p>\n<p>CentOS on one server was version 5.11 and did not want to update anything when I tried to use<\/p>\n<p>[code]# yum update glibc[\/code]<\/p>\n<p>So I checked and ran an update but found the same result, i.e. the mirror that yum used was not giving out a 27th January 2015 update. So I made a change in the \/etc\/yum.repos.d\/CentOS-Base.repo file to comment out the mirrorlist line and enable (uncomment) the baseurl line which goes direct to the CentOS servers that have patches from today that address the issue.<\/p>\n<p>How to tell which version of CentOS you have?<\/p>\n<p>[code]# cat \/etc\/*release*[\/code]<\/p>\n<p>will respond with something like<\/p>\n<p>[code]CentOS release 6.5 (Final)[\/code]<\/p>\n<p>So the process is to update glibc specifically:<\/p>\n<p>[code]# yum update glibc[\/code]<\/p>\n<p>Which should prompt for and find updates like this:<\/p>\n<p>[code]<\/p>\n<p>Resolving Dependencies<br \/>\n--&gt; Running transaction check<br \/>\n---&gt; Package glibc.i686 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc.x86_64 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc.i686 0:2.12-1.149.el6_6.5 will be an update<br \/>\n---&gt; Package glibc.x86_64 0:2.12-1.149.el6_6.5 will be an update<br \/>\n---&gt; Package glibc-common.x86_64 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc-common.x86_64 0:2.12-1.149.el6_6.5 
will be an update<br \/>\n---&gt; Package glibc-devel.i686 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc-devel.x86_64 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc-devel.i686 0:2.12-1.149.el6_6.5 will be an update<br \/>\n---&gt; Package glibc-devel.x86_64 0:2.12-1.149.el6_6.5 will be an update<br \/>\n---&gt; Package glibc-headers.x86_64 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc-headers.x86_64 0:2.12-1.149.el6_6.5 will be an update<br \/>\n---&gt; Package glibc-static.x86_64 0:2.12-1.149.el6_6.4 will be updated<br \/>\n---&gt; Package glibc-static.x86_64 0:2.12-1.149.el6_6.5 will be an update<br \/>\n--&gt; Finished Dependency Resolution<\/p>\n<p>Dependencies Resolved<\/p>\n<p>================================================================================<br \/>\nPackage Arch Version Repository Size<br \/>\n================================================================================<br \/>\nUpdating:<br \/>\nglibc i686 2.12-1.149.el6_6.5 updates 4.3 M<br \/>\nglibc x86_64 2.12-1.149.el6_6.5 updates 3.8 M<br \/>\nglibc-common x86_64 2.12-1.149.el6_6.5 updates 14 M<br \/>\nglibc-devel i686 2.12-1.149.el6_6.5 updates 984 k<br \/>\nglibc-devel x86_64 2.12-1.149.el6_6.5 updates 983 k<br \/>\nglibc-headers x86_64 2.12-1.149.el6_6.5 updates 612 k<br \/>\nglibc-static x86_64 2.12-1.149.el6_6.5 updates 1.4 M<\/p>\n<p>Transaction Summary<br \/>\n================================================================================<br \/>\nUpgrade 7 Package(s)<\/p>\n<p>Total download size: 26 M<br \/>\nIs this ok [y\/N]:<\/p>\n<p>[\/code]<\/p>\n<p>This is where I hit Y for yes and watched it continue to download and upgrade glibc.<\/p>\n<p>Finally for all of the servers I used a <a href=\"http:\/\/howden.net.au\/thowden\/2015\/01\/cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-testing\/\" target=\"_blank\">test script for CVE-2015-0235 glibc 
ghost<\/a> that was provided from elsewhere.<\/p>\n<p>Next is VMware, WatchGuard, and anything else that might have glibc.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So another security issue on Linux.\u00a0 I have multiple servers to worry about and they are mostly based on two distributions of Debian and CentOS. Because it is a newly found vulnerability some mirror sites are not up to date so in trying to patch my servers I found the following to be helpful. Debian [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-1156","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/comments?post=1156"}],"version-history":[{"count":0,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1156\/revisions"}],"wp:attachment":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/media?parent=1156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/categories?post=1156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/tags?post=1156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}